fix(checkconf): only check main config

Included configurations in nsd.conf.d tend to depend on each other. For
example when referring a TSIG key from 80-generates-keys in
90-generated-zones, running nsd-checkconf on these individual files
would cause an error.
It is sufficient and better to just check the main nsd.conf file, as it
combines all included configurations in the check.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

nsd/config/init.sls

@@ -6,3 +6,4 @@ include:
   - .config_files
   - .file
   - .zones
+  - .keys

nsd/config/keys.sls

@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+{%- from tplroot ~ "/macros.jinja" import config_file with context %}
+
+{%- set keys = nsd.get('keys', {}) %}
+
+{%- if keys | length > 0 %}
+
+{{    config_file('80-generated-keys', 'generated-keys') }}
+
+{%- endif %}

nsd/config/zones.sls

@@ -28,10 +28,14 @@ nsd-config-zones-file-directory:
 "{{ identifier }}":
   file.managed:
     - name: "{{ nsd.zones_dir }}/{{ zonefile_name(name, config) }}"
+    {%- if 'zone_source' in config %}
+    - source: {{ config['zone_source'] }}
+    {%- else %}
     - source: {{ files_switch([template, template+'.jinja'],
                               lookup=identifier
                  )
               }}
+    {%- endif %}
     - mode: 644
     - user: root
     - group: {{ nsd.rootgroup }}

nsd/files/default/generated-keys.conf.jinja

@@ -0,0 +1,11 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+
+{%- for name, config in nsd.get('keys').items() %}
+key:
+  name: "{{ name }}"
+  algorithm: "{{ config['algorithm'] }}"
+  secret: "{{ config['secret'] }}"
+{%- endfor %}

nsd/files/default/generated-zones.conf.jinja

@@ -1,4 +1,5 @@
 {%- from "nsd/macros.jinja" import zonefile_name with context -%}
+{%- set extraopts = ['allow-notify', 'request-xfr', 'outgoing-interface'] -%}
 ########################################################################
 # File managed by Salt at <{{ source }}>.
 # Your changes will be overwritten.
@@ -8,4 +9,9 @@
 zone:
   name: "{{ name }}"
   zonefile: "{{ nsd.zones_dir }}/{{ zonefile_name(name, config) }}"
+  {%- for option in extraopts %}
+  {%- if option in config %}
+  {{ option }}: {{ config[option] }}
+  {%- endif %}
+  {%- endfor %}
 {%- endfor %}

nsd/macros.jinja

@@ -25,7 +25,6 @@
       - file: nsd-config-file-file-managed
     - context:
         nsd: {{ nsd | json }}
-    - check_cmd: nsd-checkconf
     - watch_in:
       - service: nsd-service-running-service-running
 {%- endmacro %}

pillar.example

@@ -22,6 +22,13 @@ nsd:
   #   # 90-generated-zones is reserved for zones generated by this formula
   #   # 10-salt is reserved for general configuration generated by this formula
 
+  # If this section is present in your Pillar data,
+  # nsd.conf.d/80-generated-keys will be created and managed
+  keys:
+    examplekey:
+      algorithm: hmac-sha512
+      secret: encryptme
+
   # If this section is present in your Pillar data,
   # nsd.conf.d/90-generated-zones will be created and managed.
   zones:
@@ -31,6 +38,11 @@ nsd:
     "168.192.in-addr.arpa": {}
     # NSD's include-pattern directive may be a better way to share configuration
     # across zones than using YAML anchors.
+    #
+    # You can load the zone file from a custom source and specify additional configuration options:
+    # example.com:
+    #   zone_source: salt://zones/example.com.zone
+    #   request-xfr: 192.168.0.1
 
   # If this section is present in your Pillar data,
   # nsd.conf.d/10-salt.conf will be created and managed